Summary

Blue Coat products that include affected versions of the Linux kernel and provide means for executing arbitrary code are susceptible to a privilege escalation vulnerability. A malicious local unprivileged user can exploit this vulnerability to escalate their privileges on the system or cause denial of service.

Affected Products

Malware Analysis (MA)

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-0728 | 4.2 | Upgrade to 4.2.9. |

Norman Shark Industrial Control System Protection (ICSP)

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-0728 | 5.3 | Upgrade to 5.3.6. |

Norman Shark Network Protection (NNP)

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-0728 | 5.3 | Upgrade to 5.3.6. |

Norman Shark SCADA Protection (NSP)

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-0728 | 5.3 | Upgrade to 5.3.6. |

The following products have a vulnerable version of the Linux kernel, but are not vulnerable to known vectors of attack:

Advanced Secure Gateway (ASG)

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-0728 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1 |
| CVE-2016-0728 | 6.6 | Upgrade to 6.6.5.1. |

Content Analysis System (CAS)

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-0728 | 2.1 and later | Not vulnerable, fixed in 2.1.1.1 |
| CVE-2016-0728 | 1.3 | Upgrade to 1.3.7.1. |
| CVE-2016-0728 | 1.2 | Upgrade to later releases with fixes. |

Mail Threat Defense (MTD)

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-0728 | 1.1 | Not available at this time |

Management Center (MC)

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-0728 | 1.7 and later | Not vulnerable, fixed in 1.7.1.2. |
| CVE-2016-0728 | 1.6 | Upgrade to later releases with fixes. |
| CVE-2016-0728 | 1.5 | Upgrade to later releases with fixes. |

Reporter

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-0728 | 10.1 | Upgrade to 10.1.4.2. |

SSL Visibility (SSLV)

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2016-0728 | 3.10 and later | Not vulnerable, fixed in 3.10.1.1 |
| CVE-2016-0728 | 3.9 | Upgrade to 3.9.4.1. |
| CVE-2016-0728 | 3.8.4FC | Upgrade to later releases with fixes. |
| CVE-2016-0728 | 3.8 | Upgrade to later releases with fixes. |

Additional Product Information

A Blue Coat product does not need to use the Linux keyring facility in order to be vulnerable. A malicious local unprivileged user can execute arbitrary code that uses the keyctl() system call to exploit the vulnerability and gain escalated privileges on the system or cause denial of service. A remote attacker has to either have shell access on the target system, or force the target system to execute arbitrary code to exploit this vulnerability.

Blue Coat products that use a native installation of the Linux kernel but do not install or maintain the kernel are not vulnerable to this attack. However, the underlying platform that installs and maintains the Linux kernel may be vulnerable. Blue Coat urges our customers to update the versions of the Linux kernel that are natively installed for Client Connector, ProxyClient, and Reporter 9.x for Linux.

Blue Coat products that do not provide Linux shell access and do not execute arbitrary code from untrusted sources are not known to be vulnerable to this attack. However, vulnerability fixes will be included in the patches that are provided. The following products include vulnerable versions of the Linux kernel, but do not provide Linux shell access, do not execute arbitrary code from untrusted sources, and are not known to be vulnerable:

Issues

This Security Advisory addresses a privilege escalation vulnerability in the Linux kernel (CVE-2016-0728). A malicious local unprivileged user can exploit a reference leak and use-after-free flaw in the Linux kernel keyring facility. The malicious user can exploit the leaked keyring reference to cause the Linux kernel to execute arbitrary code, resulting in privilege escalation or denial of service.

The Linux kernel keyring facility is a mechanism for Linux drivers to cache authentication keys, encryption keys, and other security-related objects in the Linux kernel. Linux provides a system call interface, including a keyctl() system call, for userspace applications to manage the kernel objects and also use the keyring facility for their own purposes.
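Because exploitation requires unprivileged code to call keyctl(), hosts that cannot be upgraded yet can at least watch for that call. The following is an added example, not part of the advisory or of any Blue Coat tooling: it counts keyctl() calls by non-root users in Linux audit SYSCALL records. It assumes an x86_64 host with an audit rule already logging the syscall; the sample records, the threshold and the function names are constructed for illustration.

```python
import re
from collections import Counter

KEYCTL_SYSCALL_X86_64 = "250"   # keyctl() syscall number on x86_64 only
AUDIT_ARCH_X86_64 = "c000003e"  # arch value the audit subsystem logs for x86_64
THRESHOLD = 3                   # assumed alert threshold; tune to the host baseline

# Constructed sample records in audit SYSCALL format (not real logs).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1456400000.101:901): arch=c000003e syscall=250 success=yes a0=1 uid=1001 comm="worker" exe="/tmp/worker"
type=SYSCALL msg=audit(1456400000.102:902): arch=c000003e syscall=250 success=yes a0=1 uid=1001 comm="worker" exe="/tmp/worker"
type=SYSCALL msg=audit(1456400000.103:903): arch=c000003e syscall=250 success=yes a0=1 uid=1001 comm="worker" exe="/tmp/worker"
type=SYSCALL msg=audit(1456400000.104:904): arch=c000003e syscall=250 success=yes a0=1 uid=1001 comm="worker" exe="/tmp/worker"
type=SYSCALL msg=audit(1456400001.200:905): arch=c000003e syscall=2 success=yes a0=7ffd uid=1001 comm="worker" exe="/tmp/worker"
type=SYSCALL msg=audit(1456400002.300:906): arch=c000003e syscall=250 success=yes a0=0 uid=1002 comm="keyctl" exe="/usr/bin/keyctl"
type=SYSCALL msg=audit(1456400003.400:907): arch=c000003e syscall=250 success=yes a0=0 uid=0 comm="sshd" exe="/usr/sbin/sshd"
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Return the key=value fields of one audit record as a dict."""
    return {key: value.strip('"') for key, value in FIELD.findall(line)}


def keyctl_calls_by_user(log_text):
    """Count keyctl() calls per (uid, exe) made by non-root users."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL" or rec.get("arch") != AUDIT_ARCH_X86_64:
            continue
        if rec.get("syscall") != KEYCTL_SYSCALL_X86_64:
            continue
        uid = rec.get("uid", "")
        if not uid.isdigit() or uid == "0":
            continue  # skip malformed records and root
        counts[(int(uid), rec.get("exe", "?"))] += 1
    return counts


def suspicious(log_text, threshold=THRESHOLD):
    """Return (uid, exe) pairs at or above the threshold, sorted."""
    return sorted(k for k, n in keyctl_calls_by_user(log_text).items() if n >= threshold)


if __name__ == "__main__":
    for uid, exe in suspicious(SAMPLE_LOG):
        print(f"uid={uid} exe={exe} exceeded keyctl() threshold")
```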

References

Revisions

2018-09-24 A fix for SSLV 3.8.4FC will not be provided. Please upgrade to a later version with the vulnerability fixes.
2017-11-06 ASG 6.7 is not vulnerable.
2017-08-02 SSLV 4.1 is not vulnerable.
2017-07-20 MC 1.10 is not vulnerable.
2017-05-17 CAS 2.1 is not vulnerable.
2017-03-30 MC 1.9 is not vulnerable.
2017-03-06 MC 1.8 is not vulnerable. ProxySG 6.7 is not vulnerable. SSLV 4.0 is not vulnerable. Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support.
2016-12-04 SSLV 3.11 is not vulnerable.
2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable.
2016-11-11 SSLV 3.10 is not vulnerable.
2016-11-04 A fix for ASG is available in 6.6.5.1. A fix for Reporter 10.1 is available in 10.1.4.2.
2016-10-25 MC 1.6 has a vulnerable version of the Linux kernel, but is not vulnerable to known vectors of attack. MC 1.7 is not vulnerable because it contains the vulnerability fix.
2016-08-12 A fix for CAS 1.3 is available in 1.3.7.1.
2016-08-10 A fix for SSLV 3.9 is available in 3.9.4.1.
2016-06-13 Fixes for ICSP, NNP, and NSP are available in 5.3.6.
2016-06-03 A fix for MAA is available in 4.2.9.
2016-05-12 A fix for SSLV 3.8 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2016-05-11 No Cloud Data Protection products are vulnerable.
2016-04-25 MTD 1.1 has a vulnerable version of the Linux kernel, but is not vulnerable to known vectors of attack.
2016-04-15 A fix will not be provided for CAS 1.2. Please upgrade to a later version with the vulnerability fixes.
2016-02-25 initial public release

Legacy ID

SA112

Terms of use for this information are found in Legal Notices.
